DISA Aims to Influence Industry Innovation

Prototype technologies could be fielded within two years.

The Defense Information Systems Agency (DISA) is acquiring an array of cutting-edge technologies using rapid development processes and could begin fielding some of those technologies within the next two years.

Vice Adm.Nancy Norton, USN, director, DISA, and commander, Joint Force Headquarters Department of Defense Information Network (JFHQ-DODIN), noted on the first day of the AFCEA TechNet Cyber 2019 conference that the agency is increasing its focus on innovation through the use of other transactional authorities (OTAs). On the second day of the conference, Adm. Norton and her team of high-ranking officials and subject matter experts provided more details on the systems being developed.

Part of the agency’s motivation, according to Stephen Wallace, DISA’s systems innovation scientist with the Emerging Technology Directorate, is to influence industry’s innovative solutions. “It’s a number of prototypes. The ones you’re seeing right now are fairly exploratory, but it’s to influence the commercial world, so it will show up in products that we can then, down the line, acquire and integrate into our solutions going forward,” he said. “We’re not decades [away]. We’re also not a couple of months from now. We’re probably in the one- to two-year timeframe when we start to see some of those things show up regularly.”

Adm. Norton told reporters during the press conference that she and other DISA officials are actively working to improve DISA’s acquisition processes. “To do that, we have worked with our program managers and program officers to improve communications across the board, improving the transparency with our industry partners to help them understand more about our mission, our goals, our capability gaps … so that they can deliver the right things so that we have the solutions we need for our warfighting mission,” she said.

Among other systems, the agency is exploring the potential for cloud-based browser isolation technologies, which essentially redirect Internet browsing from a user desktop to a remote server external to the DODIN so that malicious activity does not impact DODIN operations. DISA is working with two vendors and will assess their products in the coming months before choosing just one. Each will be tested with a user base of 50,000 personnel.

“We went that route with this technology particularly because it hasn’t been done at this scale. It’s still, frankly, very much a niche market, but we think once successful, it could dramatically change the way we protect our network,” Wallace said.

He described cybersecurity as a “cat-and-mouse game” in which DISA detects a threat and deploys countermeasures only to see new threats pop up. “We were looking for alternatives and we think browser isolation is a fairly promising one.”

The agency also is assessing artificial intelligence and machine learning software for cybersecurity purposes. The technology will free up analysts by sorting through vast amounts of network data and looking for needle-in-the-haystack information that could indicate a threat. “We can’t human our way out of these kinds of problems, so we’re looking for creative solutions with respect to AI and machine learning for those repetitive tasks we can aim a computer at and let it go to town,” Wallace explained.

Additionally, DISA is working with two companies that provide user authentication systems.

Roger Greenwell, DISA’s risk management executive and authorizing official, explained that monitoring user activities will help with the insider threat. “We are in the process of deploying user activity monitoring on our classified networks, so that we have visibility of what’s happening on the networks. Often times, mistakes can happen, so we want to have visibility and to understand what could be considered a mistake and what could be considered a malicious action,” he said.

The agency also is exploring behavioral analytics systems. DISA is not interested in monitoring every single keystroke or every action a user takes, but they do want to know when someone is downloading large files they don’t necessarily need to conduct their jobs or are suddenly working a lot of late hours.

The new technologies are expected to complement the agency’s efforts to achieve a zero trust environment. “You can’t get anywhere else with respect to zero trust, if you don’t have a strong notion of identity—of not just the person but the device that they’re on as well as the devices they’re talking to on the other end,” Wallace stated.

Currently, DISA’s network administrators are often given 24/7 access to do whatever they need. “We need the administrators to really not have that level of standing access. We need automation to be able to affect those changes,” Greenwell said.

Despite the adoption of new technologies, the ubiquitous common access card (CAC) will still have a security role to play. “One of the biggest misnomers when we started the assured identity work was that we were trying to kill the CAC. That is not at all the case,” Wallace said. “We still see the crypto-backed authentication as the primary means, but then we see the biometric and contextual authentication continuously on the back end to help augment that initial cryptographic authentication.”

DISA officials are looking at a number of ways they can leverage OTAs in the future, but Wallace points out they have to stay within established bounds. “They’re not a super bullet solution to everything, but for some of these technologies that are emerging, that aren’t broadly adopted, we think it’s a fantastic tool to help us get there more quickly.”